Home » General Chat

How-to for arris eMTAs on docsis 1.1 networks using dhcpd

Posted May 14th, 2008 by kwesibrunee

Arris eMTAs work very well with sip, however getting them initially provisioned can be tough.

I have successfully deployed docsis 1.1 arris eMTAs with dhcpd using SIP. I am going to post my configs here sanitized of course for others to learn from.

What is needed to make it work is thus:
DHCP server capable of option 122 (I use dhcpd)
SIP firmware for arris modems (obtained through arris)
SIP Server (Third party or Asterisk server)
TFTP server
time of day server
log server(optional)
software to create/edit modem and mta configs (packetace from arris or the open source package docsis are sufficient)

The way my DHCP is setup is using matches, if a dhcp request comes in starting with "docsis" in its vendor-class-identifier it is classified as a modem, if the vendor-class-identifier starts with "pktc" it is treated as a mta.
Further more I use groups to differentiate between different levels of service. We authenticate both modems and clients/mtas so they must be present in the server to get an IP.
This particular server only hands out IPs for Voip modems and MTAs so all other requests are denied. I use Omapi to dynamically add/remove clients without restarting dhcpd.

We have multiple tiers of service, only listed a few, we also offer a Voip only service which has no internet access.

The way I prioritize voip traffic is with separate service flows, one for voip traffic one for everything else, both upstream and downstream.

Our SIP termination is provided by a third party. During testing I used our Asterisk server for SIP termination.

DHCPd runs on debian, and we use a Cisco 7246VXR as our cmts.

Here are the relevant configs

------------------------------------------------------------------------------------------------------------------
dhcpd.conf

ddns-update-style none;
ignore client-updates;
omapi-port 9991;
key omapi_key {
  algorithm HMAC-MD5;
  secret "Our encrypted Key";
};
omapi-key omapi_key;

option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 };
option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.tgs-util code 7 = integer 8;
option docsis-mta.timer code 8 = integer 8;
option docsis-mta.ticket-ctrl-mask code 9 = integer 16;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;

option docsis-mta.dhcp-server-1 192.168.224.40;
option docsis-mta.provision-server 0 "\003mta\007domains\003net\000";
option docsis-mta.krb-realm-name "\005BASIC\0011\000";

class "CM" {
  match if substring(option vendor-class-identifier,0,6) = "docsis";
  spawn with option agent.remote-id;
  vendor-option-space docsis-mta;
  default-lease-time 604800;
  max-lease-time 604800;
  min-lease-time 302400;
  option time-offset -21600;
  next-server 192.168.224.40;
  option tftp-server-name "192.168.224.40";
  option time-servers 192.168.224.33;
  option log-servers 192.168.224.40;
  option domain-name "mta.domains.net";
  ddns-updates off;
  option routers 10.1.6.1;
  option subnet-mask 255.255.0.0;
  option docsis-mta.dhcp-server-1 192.168.224.40;
}

class "MTA" {
  match if substring(option vendor-class-identifier,0,5) = "pktc1";
  spawn with option agent.remote-id;
  default-lease-time 21600;
  max-lease-time 21600;
  min-lease-time 10800;
  option domain-name "mta.domains.net";
  ddns-updates off;
  option domain-name-servers 192.168.245.13, 192.168.245.10;
  option subnet-mask 255.255.0.0;
  option routers 10.1.6.1;
  option log-servers 192.168.224.40;
  option time-servers 192.168.224.33;
  option tftp-server-name "192.168.224.40";
  next-server 192.168.224.40;
  option time-offset -18000;
  option host-name = host-decl-name;
  option docsis-mta.provision-server 0 "\003mta\007domains\003net\000";
  option docsis-mta.krb-realm-name "\005BASIC\0011\000";
}

/* The subnet the dhcp server is in */
subnet 192.168.224.32 netmask 255.255.255.224 {
}
/* A shared network for CMs and MTAs */
shared-network cableplant {
  /*The subnet the requests come from generally the cable interfaces IP*/
  subnet 192.168.225.0 netmask 255.255.255.0 {
  }
  /* the subnet for CMs and MTAs*/
  subnet 10.1.0.0 netmask 255.255.0.0 {
    /*this pool is for known MTAs*/
    pool {
      range 10.1.60.2 10.1.64.254;
      allow members of "MTA";
      deny unknown-clients;
    }
    /*This pool is for known cable modems*/
    pool {
     range 10.1.65.2 10.1.69.254;
      allow members of "CM";
      deny unknown-clients;
    }
  }
}
/* Group for Plus users*/
group Plus {
  filename "Plus.bin";
  option bootfile-name "Plus.bin";
}
/*Group for Voip only users*/
group VoipOnly {
  filename "VoipOnly.bin";
  option bootfile-name "VoipOnly.bin";
}

/* an MTA entry */
host nh4797942e084be960 {
  hardware ethernet 00:00:00:00:00:00;
}
/* a Cable Modem entry */
host nh46fd2a7608bc2710 {
  hardware ethernet 00:00:00:00:00:01;
  group "Plus";
}

the line
spawn with option agent.remote-id;
is necessary because the CMTS is acting as a proxy for dhcp requests

on cisco cmts's you need to add
ip dhcp relay information option
so that this information is added to the dhcp request
------------------------------------------------------------------------------------------------------------------
Modem Configs

and decoded config files for modem configs using docsis software located at http://docsis.sourceforge.net

The modems are configured to upgrade to the sip firmware if they are not using it already,

this line
SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
Turns on the web interface on the wan side

and this line
SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
tells the modem that the mta file will be in the format macaddress.bin

the rest is standard docsis

#docsis -d Plus.bin
Main
{
  NetworkAccess 1;
  SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
  SnmpMibObject docsDevSwAdminStatus.0 Integer 2; /* allowProvisioningUpgrade */
  MaxCPE 3;
  MaxClassifiers 20;
  GlobalPrivacyEnable 1;
  SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
  SwUpgradeServer 192.168.224.40;
  SwUpgradeFilename "TS050237C_112907_NA.MODEL_4_5_6.SIP.img";
  MfgCVCData 0x308203a63082028ea00302010202106c0943ec39872d8fecda6c489e5e9030300d06092a864886f70d0101050500308197310b300906035504061302555331393037060355040a133044617461204f766572204361626c65205365727669636520496e746572666163652053706563696669636174696f6e7331153013060355040b130c4361626c65204d6f64656d73313630340603550403132d444f43534953204361626c65204d6f64656d20526f6f7420436572746966696361746520417574686f72697479301e170d3031303931323030303030305a170d3133303931313233353935395a306a310b300906035504061302555331223020060355;
  MfgCVCData 0x040a1319417272697320496e7465726163746976652c204c2e4c2e432e310f300d060355040b1306444f43534953312630240603550403131d436f646520566572696669636174696f6e20436572746966696361746530820122300d06092a864886f70d01010105000382010f003082010a0282010100d40c5aeacfd1e9ab5f9e5088ca835eeb487369852ccd9a92e2f7fde9b28caaca21189c0b696ce1f2666c0bc8c7183877ce519e527030daf8437538ec12caa44922472397f5259e067131d046f67b1e2b25ef37b443b89d3f86db6655252595c427a6d641db7b392e8e01d7bbdf73d2138a85553747d6c0685f76bc80c82e755f8acc87c65650a1;
  MfgCVCData 0x492f14b48c97a806327949c5faaa438ac5f0a976474fd26cde4556d52bfa5dc7508fa7f150fa454c681f5108085296f2c94c371b57cd193e8939d6268c8cd96e3e8a06caba6d5cb82989c1751e21e77f09ca73da4daa1fde5bc68bed4b8eb5b0ea3abb23d4249790b2a093dde0806573138cbb99fdceb6ffc10203010001a31a301830160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d0101050500038201010094f271a8bbbac1d7fc054260170b59f0b6ac9da70d0148699e0d240b033d9c34918f7737cd45b822edf9e1bec4c5b030d878b6378b5a7995d032e933ec0ae0db436a3f52181ffee08e0cd4f6201f1115;
  MfgCVCData 0x0f4cf1bef41c9c58ef166582b5e7f1aa1afcd7badeb7b0097845c2d95ee89f66767f3bc080c2994e8c39ca9f22bcc22151ba9221b7ca87e81fdad3fcf48feb61c739ec751ac00afacd88ccc99d11ee6a96c5a591f625875ed7af60460e7330dee05ec183d1717af3f2702df0253fd1a49cbca6a654b37cb7846f91c11e3a83d1e68c28aa25a35d9849393b009b9a5328e5729017d35bb841d62f950007ba7d73e2fff4e14d0f3a49193805495714811b;
  BaselinePrivacy
  {
    AuthTimeout 10;
    ReAuthTimeout 10;
    AuthGraceTime 600;
    OperTimeout 10;
    ReKeyTimeout 10;
    TEKGraceTime 600;
    AuthRejectTimeout 60;
    SAMapWaitTimeout 1;
    SAMapMaxRetries 4;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 1;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 2;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsPacketClass
  {
    ClassifierRef 2;
    ServiceFlowRef 2;
    IpPacketClassifier
    {
      IpDstAddr 192.168.68.4;
      IpProto 257;
      IpDstMask 255.255.255.255;
    }
    ActivationState 1;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 101;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 1500000;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 102;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
  }
  DsPacketClass
  {
    ClassifierRef 102;
    ServiceFlowRef 102;
    RulePriority 1;
    ActivationState 1;
    IpPacketClassifier
    {
      IpProto 257;
      IpSrcAddr 192.168.68.4;
      IpSrcMask 255.255.255.255;
    }
  }  
  /*EndOfDataMkr*/
}

Esentially the same thing but with the Ethernet and USB ports disabled.
#docsis -d VoipOnly.bin
Main
{
  NetworkAccess 1;
  SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
  SnmpMibObject ifAdminStatus.5 Integer 2; /* down */
  SnmpMibObject ifAdminStatus.1 Integer 2; /* down */
  SnmpMibObject docsDevSwAdminStatus.0 Integer 2; /* allowProvisioningUpgrade */
  MaxCPE 1;
  MaxClassifiers 20;
  GlobalPrivacyEnable 1;
  SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
  SwUpgradeServer 192.168.224.40;
  SwUpgradeFilename "TS050237C_112907_NA.MODEL_4_5_6.SIP.img";
  MfgCVCData 0x308203a63082028ea00302010202106c0943ec39872d8fecda6c489e5e9030300d06092a864886f70d0101050500308197310b300906035504061302555331393037060355040a133044617461204f766572204361626c65205365727669636520496e746572666163652053706563696669636174696f6e7331153013060355040b130c4361626c65204d6f64656d73313630340603550403132d444f43534953204361626c65204d6f64656d20526f6f7420436572746966696361746520417574686f72697479301e170d3031303931323030303030305a170d3133303931313233353935395a306a310b300906035504061302555331223020060355;
  MfgCVCData 0x040a1319417272697320496e7465726163746976652c204c2e4c2e432e310f300d060355040b1306444f43534953312630240603550403131d436f646520566572696669636174696f6e20436572746966696361746530820122300d06092a864886f70d01010105000382010f003082010a0282010100d40c5aeacfd1e9ab5f9e5088ca835eeb487369852ccd9a92e2f7fde9b28caaca21189c0b696ce1f2666c0bc8c7183877ce519e527030daf8437538ec12caa44922472397f5259e067131d046f67b1e2b25ef37b443b89d3f86db6655252595c427a6d641db7b392e8e01d7bbdf73d2138a85553747d6c0685f76bc80c82e755f8acc87c65650a1;
  MfgCVCData 0x492f14b48c97a806327949c5faaa438ac5f0a976474fd26cde4556d52bfa5dc7508fa7f150fa454c681f5108085296f2c94c371b57cd193e8939d6268c8cd96e3e8a06caba6d5cb82989c1751e21e77f09ca73da4daa1fde5bc68bed4b8eb5b0ea3abb23d4249790b2a093dde0806573138cbb99fdceb6ffc10203010001a31a301830160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d0101050500038201010094f271a8bbbac1d7fc054260170b59f0b6ac9da70d0148699e0d240b033d9c34918f7737cd45b822edf9e1bec4c5b030d878b6378b5a7995d032e933ec0ae0db436a3f52181ffee08e0cd4f6201f1115;
  MfgCVCData 0x0f4cf1bef41c9c58ef166582b5e7f1aa1afcd7badeb7b0097845c2d95ee89f66767f3bc080c2994e8c39ca9f22bcc22151ba9221b7ca87e81fdad3fcf48feb61c739ec751ac00afacd88ccc99d11ee6a96c5a591f625875ed7af60460e7330dee05ec183d1717af3f2702df0253fd1a49cbca6a654b37cb7846f91c11e3a83d1e68c28aa25a35d9849393b009b9a5328e5729017d35bb841d62f950007ba7d73e2fff4e14d0f3a49193805495714811b;
  BaselinePrivacy
  {
    AuthTimeout 10;
    ReAuthTimeout 10;
    AuthGraceTime 600;
    OperTimeout 10;
    ReKeyTimeout 10;
    TEKGraceTime 600;
    AuthRejectTimeout 60;
    SAMapWaitTimeout 1;
    SAMapMaxRetries 4;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 1;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 2;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsPacketClass
  {
    ClassifierRef 2;
    ServiceFlowRef 2;
    IpPacketClassifier
    {
      IpDstAddr 192.168.68.4;
      IpProto 257;
      IpDstMask 255.255.255.255;
    }
    ActivationState 1;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 101;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 102;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
  }
  DsPacketClass
  {
    ClassifierRef 102;
    ServiceFlowRef 102;
    RulePriority 1;
    ActivationState 1;
    IpPacketClassifier
    {
      IpProto 257;
      IpSrcAddr 192.168.68.4;
      IpSrcMask 255.255.255.255;
    }
  }
  /*EndOfDataMkr*/
}

------------------------------------------------------------------------------------------------------------------
MTA Config

Here is a decoded mta config

#docsis -d 000011112222.bin
Main
{
  MtaConfigDelimiter 1;
  VendorSpecific
  {
    VendorIdentifier 0x0000ca;
    GenericTLV TlvCode 69 TlvStringZero "*[0-4]x|*50x.*x.[T#]|*5[356]x.[T#]|*5[47]|*6[1359]|*6[27]x.[T#]|*7[02]x.[T#]|*7[389]|*74xx*x.[T#]|*75xx|*80*x.*x.*x.[T#]|*82x.[T#]|*8[89]|*9[02689]x.[T#]|*93|"; /* tlv length = 159 */
  }
  VendorSpecific
  {
    VendorIdentifier 0x0000ca;
    GenericTLV TlvCode 69 TlvStringZero "0[T#]|011x.[T#]|101x.[T#]|1411|[0-1][2-9]xxxxxxxxx|[2-9]11|[2-9]xxxxxx[T#]|[2-9]xxxxxxxxx"; /* tlv length = 90 */
  }
  SnmpMibObject pktcMtaDevEnabled.0 Integer 1; /* true */
  SnmpMibObject enterprises.4115.11.1.27.0 String "5555555555" ;
  SnmpMibObject enterprises.4115.11.1.28.0 String "5555555555" ;
  SnmpMibObject enterprises.4115.10.1.3.0 IPAddress 10.10.10.10 ;
  SnmpMibObject enterprises.4115.11.1.1.1.2.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.3.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.4.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.5.1 String "123456789" ;
  SnmpMibObject pktcNcsEndPntConfigMWD.9 Integer 2 ;
  SnmpMibObject ifAdminStatus.9 Integer 1; /* up */
  SnmpMibObject enterprises.4115.11.1.3.0 String "192.168.68.4;5060" ;
  SnmpMibObject enterprises.4115.11.1.4.0 Integer 0 ;
  SnmpMibObject enterprises.4115.11.1.5.0 String "192.168.68.4;5060" ;
  SnmpMibObject enterprises.4115.11.1.6.0 Integer 0 ;
  SnmpMibObject enterprises.4115.11.1.7.0 HexString 0x04808000 ;
  SnmpMibObject enterprises.4115.11.1.8.0 String "PCMU;telephone-event" ;
  SnmpMibObject enterprises.4115.11.1.9.0 Integer 20 ;
  MtaConfigDelimiter 255;
}

here is what the various parts mean (contact Arris for further clarification)

VendorSpecific stuff is digit map and feature enabling (this is what our SIP provider sets)

SnmpMibObject enterprises.4115.11.1.27.0 String "5555555555" ;
SnmpMibObject enterprises.4115.11.1.28.0 String "5555555555" ;
These lines combat a bug in old sip firmware that causes calls with no caller id to be dropped the value you set these to is not important as long as it is not a real telephone number.

SnmpMibObject enterprises.4115.10.1.3.0 IPAddress 10.10.10.10 ;
Syslog server address

SnmpMibObject enterprises.4115.11.1.1.1.2.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.3.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.4.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.5.1 String "123456789" ;
These are username, displayname, login, and password respectfully

SnmpMibObject pktcNcsEndPntConfigMWD.9 Integer 2 ;
SnmpMibObject ifAdminStatus.9 Integer 1; /* up */
These turn the EMTA on and set its admin status to up.

SnmpMibObject enterprises.4115.11.1.3.0 String "192.168.68.4;5060" ;
SnmpMibObject enterprises.4115.11.1.4.0 Integer 0 ;
Proxy Address;port and type 0=ipv4

SnmpMibObject enterprises.4115.11.1.5.0 String "192.168.68.4;5060" ;
SnmpMibObject enterprises.4115.11.1.6.0 Integer 0 ;
Registrar Address;port and type 0=ipv4

SnmpMibObject enterprises.4115.11.1.7.0 HexString 0x04808000 ;
SIP Feature Switch options (our sip provider set this)

SnmpMibObject enterprises.4115.11.1.8.0 String "PCMU;telephone-event" ;
provisioned codecs

SnmpMibObject enterprises.4115.11.1.9.0 Integer 20 ;
packetization rate in millisecs

----------------------------------------------------------------------------------------------------

Please post any questions you may have about my setup here and I will answer to the best of my ability. or shoot me an email offlist at jasonp*at*cablemo*dot*com

‹ Wireless Docsis at 10.5Ghz need htmls for docsis_server ›

Http rather than tftp?

On October 6th, 2008 cdruml says:

Pardon a newbie for a possibly simple quesition but I haven't found a solution in my own research. Our Arris eMTA pulls its config file fine via tftp but we would like it to use http instead. How can this be configured?

As far as I know this is not

On October 17th, 2008 kwesibrunee says:

As far as I know this is not possible, tftp is the only way it can retrieve its config.

Out of curiousity why would you want it to use HTTP?

Powered by Drupal - Design by artinet